package com.dao;


import com.core.model.user.User;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;

import java.util.List;

/**
 * Created with IntelliJ IDEA.
 * User: xf
 * Date: 2016/5/4
 * Time: 21:26
 * To change this template use Editor | File and Code Templates.
 */
public interface securityDao extends EntityDao {

    @PreAuthorize("(hasRole('ROLE_USER') and #user.username.length() <= 12) or hasRole('ROLE_ADMIN')")
    void saveOrUpdateUser(User user);   //调用前，拥有user权限并且用户名长度<=12  或者 拥有admin权限

    @PostAuthorize("returnObject.user.username == principal.username")
    User findUserByGuid(String guid);   //调用后，限制查询结果是否是当前用户

    @PreAuthorize("hasAnyRole({'ROLE_USER,'ROLE_ADMIN''})")
    @PostFilter("hasRole('ROLE_ADMIN') || filterObject.user.username == principal.username")
    List<User> findUser();    //调用后，过滤返回值：拥有admin权限查看所有user，否则只能查看自己相关的user

    @PreAuthorize("hasAnyRole({'ROLE_USER,'ROLE_ADMIN''})")
    @PreFilter("hasRole('ROLE_ADMIN') || targetObject.user.username == principal.username")
    void deleteUser(List<User> users);   //调用前，过滤参数：拥有admin权限删除所有user，否则只能删除自己相关的user

}